Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Simple x64 Loader[Delphi SRC]

h4sh3m
h4sh3m
in Programming and Coding

Featured Replies

Posted

Hi

Maybe help someone to create custom loaders !

 

 

BR,

h4sh3m

x64_Simple_Loader_Delphi.rar

    •
    • Like 3
    • Thanks 5
    • 2 weeks later...

    Hi,

    Instead of using this function, we can't grab imagebase from PEB? 

    Actually I don't have a x64 system at this time.

     

    function GetModuleImageBase(PID : NativeUInt; Module : string):NativeUInt;
    var
      ModuleSnap: THandle;
      ModuleEntry32: TModuleEntry32;
      More: Boolean;
      ImageBase: Pointer;
      s : string;
    begin
      Result := 0;

      try
        ModuleSnap := CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, PID);

        if ModuleSnap = NativeUInt(-1) then
        begin
          messagebox(0, 'Can''t Read Process Memory', 'Error', mb_iconerror);
          Exit;
        end;

        ModuleEntry32.dwSize := SizeOf(ModuleEntry32);

        More := Module32First(ModuleSnap, ModuleEntry32);
        while More do
        begin
          ImageBase := ModuleEntry32.modBaseAddr;

          s := extractfilename(StrPas(ModuleEntry32.szExePath));
          s := LowerCase(s);
          if s = LowerCase(Module) then
          begin
            Result := integer(ImageBase);
            break;
          end;

          More := Module32Next(ModuleSnap, ModuleEntry32);
        end;
      finally
        CloseHandle(ModuleSnap);
      end;
    end;

    • Author

    Hi

    @GautamGreat, As I said this is simple loader, You can do this with PEB but I'm not tested it !

     

    BR,

    h4sh3m

    Edited by h4sh3m

    • 4 months later...

    @h4sh3m by compiling your loader i get error
     

    du97fyokr9irmo59t.png

    if i comment this i get next error

    du97g2ays7mi13e0h.png

    Edited by xxx22xxx

    • Author

    Hi

    Which compiler you're using, with this code you can't patch x64 target via x86 loader?!

    After all you can change "CreateProcess" -> "CreateProcessW" and "w : DWORD" -> "w : NativeUInt".

     

     

    Best Regards,

    h4sh3m

    Edited by h4sh3m

    @h4sh3m

    Thanks already solved it , i have used Delphi 7 Lite Full Edition

    now have installed Rad Studio XE2 and it work !

    but have a question , this laoder will be work example to patch Adobe x64 bit soft?
     
    or it will not work like say GautamGreat ??

     

    • Author

    If you patch right place it will work :)

    It's depends on you (and/or your target), if your target protected maybe it will fail because of several reasons like: detecting debugger(I'm not sure used debug flag or not but some protectors (and some handy way :)) checks parent process to detect !), memory protection(checksum), ...

    you can use proxy method too for this purpose .

    thank you !

    Create an account or sign in to comment

    Go to topic listing

    Configure browser push notifications
    Chrome (Android)
    1. Tap the lock icon next to the address bar.
    2. Tap Permissions → Notifications.
    3. Adjust your preference.
    Chrome (Desktop)
    1. Click the padlock icon in the address bar.
    2. Select Site settings.
    3. Find Notifications and adjust your preference.